Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A null pointer dereference vulnerability has been identified in the Linux kernel's ftrace functionality. The issue arises in the ftrace_add_mod() function, where an ftrace_mod structure allocated with kzalloc() has the prev and next members of its list node zeroed, that is, set to NULL. This is not a valid state in which to call list_del(), which dereferences both pointers. The vulnerability is triggered if kstrdup() fails when copying the function or module name for the ftrace_mod: the cleanup routine then frees the structure while its list members are still uninitialized, and the attempt to remove the structure from a list dereferences a null pointer, leading to a kernel panic.
Exploitation of this vulnerability causes a kernel panic due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be addressed by modifying the code to properly initialize the list members of the ftrace_mod structure before it is used. This can be done by calling INIT_LIST_HEAD() to set up the list members correctly.
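The failure path and the fix described above, as an added user-space model (not the kernel's code): struct mod_entry, add_mod_name_copy_fails() and list_del_would_fault() are hypothetical names, calloc() stands in for kzalloc(), and the kstrdup() failure is simulated.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal user-space model of the kernel's doubly linked list. */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

/* Same two pointer writes as the kernel's list_del(), minus poisoning. */
static void list_del(struct list_head *e)
{
    e->next->prev = e->prev;
    e->prev->next = e->next;
}

/* Hypothetical stand-in for struct ftrace_mod; field names are assumed. */
struct mod_entry { struct list_head list; char *func; char *module; };

/* Returns 1 if list_del() on this node would write through a NULL pointer. */
static int list_del_would_fault(const struct list_head *e)
{
    return e->next == NULL || e->prev == NULL;
}

/*
 * Models the error path: allocation succeeds, the name copy fails, and
 * cleanup unlinks and frees the entry. Returns 0 if cleanup is safe,
 * -1 if it would dereference NULL, -2 if the allocation itself failed.
 */
static int add_mod_name_copy_fails(int init_list)
{
    struct mod_entry *m = calloc(1, sizeof(*m)); /* zeroed, like kzalloc() */
    int rc = 0;

    if (!m)
        return -2;
    if (init_list)
        INIT_LIST_HEAD(&m->list);      /* the fix: node points to itself */
    /* Simulated kstrdup() failure: func/module stay NULL, run cleanup. */
    if (list_del_would_fault(&m->list))
        rc = -1;                       /* in the kernel: NULL deref, panic */
    else
        list_del(&m->list);            /* self-linked node: harmless no-op */
    free(m);
    return rc;
}

int main(void)
{
    printf("no init: %d\n", add_mod_name_copy_fails(0));
    printf("with init: %d\n", add_mod_name_copy_fails(1));
    return 0;
}
```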